Re: [libseccomp-discuss] Support for PowerPC platforms
High level interface to the Linux Kernel's seccomp filter
From: Mike S. <str...@li...> - 2015-01-30 22:11:21
On 01/29/2015 03:00 PM, Paul Moore wrote:
> On Thu, Jan 29, 2015 at 6:02 AM, Purcareata Bogdan <b4...@fr...> wrote:
>> On 22.01.2015 18:34, Paul Moore wrote:
>>> To clarify, are you planning to also develop the necessary kernel support?
>>> One of the reasons we do not support ppc* in libseccomp is that the kernel
>>> is currently lacking (or at least it was when I looked a few months ago) the
>>> necessary CONFIG_SECCOMP_FILTER support.
>>
>> Thanks for pointing it out, I wasn't aware of the differences between
>> seccomp strict and seccomp filter (still new to the subject).
>>
>> Following the reference at [1], I looked at the bit of how the requirements
>> in the kernel apply to ppc:
>>
>> config HAVE_ARCH_SECCOMP_FILTER
>>     bool
>>     help
>>       An arch should select this symbol if it provides all of these things:
>>       - syscall_get_arch() - DONE
>>       - syscall_get_arguments() - DONE
>>       - syscall_rollback() - DONE
>>       - syscall_set_return_value() - DONE
>>       - SIGSYS siginfo_t support - DONE
>>         (SIGSYS present in arch/powerpc/include/uapi/asm/signal.h)
>>       - secure_computing is called from a ptrace_event()-safe context
>>         TO CHECK
>>       - secure_computing return value is checked and a return value of -1
>>         results in the system call being skipped immediately. - TODO
>>
>> So what's left looks pretty feasible. I'll try to take care of it and come
>> back to you when I have some news.
>
> For what it's worth, IBM might also have some interest in this work.
> I'm not exactly sure who would be the best contact there to find out,
> but if you have any contacts with IBM it might be worth sending some
> mail.

Yes, there is interest at IBM. I had just started looking into it when I
discovered that there are others interested as well.

I am definitely interested in contributing to the kernel and libseccomp
support for seccomp filter on powerpc, but want to make sure I'm not
duplicating effort that is already being made.

Thanks,
Mike
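The strict/filter distinction and the missing CONFIG_SECCOMP_FILTER support discussed in this thread can be checked at runtime on any architecture. The following C probe is an added example, not code from the thread or from libseccomp; the enum and function names are hypothetical, and it relies on the documented prctl(2) errors (EINVAL when the mode is not built in, EFAULT when the mode is accepted but the filter pointer is bad).

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <linux/seccomp.h>

/* Hypothetical names, introduced for this example only. */
enum seccomp_support { SC_UNSUPPORTED = 0, SC_SUPPORTED = 1, SC_UNKNOWN = 2 };

/* Interpret prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL). */
enum seccomp_support classify_filter_probe(int rc, int err)
{
    if (rc == -1 && err == EFAULT)
        return SC_SUPPORTED;    /* mode accepted, NULL program rejected */
    if (rc == -1 && err == EINVAL)
        return SC_UNSUPPORTED;  /* kernel built without CONFIG_SECCOMP_FILTER */
    return SC_UNKNOWN;          /* e.g. the call is blocked by an outer sandbox */
}

/* Interpret prctl(PR_GET_SECCOMP): EINVAL means no CONFIG_SECCOMP at all. */
enum seccomp_support classify_base_probe(int rc, int err)
{
    if (rc >= 0)
        return SC_SUPPORTED;    /* 0 = disabled, 2 = already under a filter */
    return err == EINVAL ? SC_UNSUPPORTED : SC_UNKNOWN;
}

/* Passing NULL as the filter means no filter can ever be installed by the probe. */
enum seccomp_support probe_seccomp_filter(void)
{
    errno = 0;
    int rc = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
    return classify_filter_probe(rc, errno);
}

enum seccomp_support probe_seccomp_base(void)
{
    errno = 0;
    int rc = prctl(PR_GET_SECCOMP, 0, 0, 0, 0);
    return classify_base_probe(rc, errno);
}

int main(void)
{
    static const char *label[] = { "unsupported", "supported", "unknown" };
    printf("seccomp (CONFIG_SECCOMP):        %s\n", label[probe_seccomp_base()]);
    printf("filter  (CONFIG_SECCOMP_FILTER): %s\n", label[probe_seccomp_filter()]);
    return 0;
}
```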